/*++
/* NAME
/*	tls_rsa
/* SUMMARY
/*	RSA support
/* SYNOPSIS
/*	#define TLS_INTERNAL
/*	#include <tls.h>
/*
/*	RSA	*tls_tmp_rsa_cb(ssl, export, keylength)
/*	SSL	*ssl; /* unused */
/*	int	export;
/*	int	keylength;
/* DESCRIPTION
/*	tls_tmp_rsa_cb() is a call-back routine for the
/*	SSL_CTX_set_tmp_rsa_callback() function.
/*
/*	This implementation will generate only 512-bit ephemeral
/*	RSA keys for export ciphersuites. It will log a warning in
/*	all other usage contexts.
/* LICENSE
/* .ad
/* .fi
/*	This software is free. You can do with it whatever you want.
/*	The original author kindly requests that you acknowledge
/*	the use of his software.
/* AUTHOR(S)
/*	Originally written by:
/*	Lutz Jaenicke
/*	BTU Cottbus
/*	Allgemeine Elektrotechnik
/*	Universitaetsplatz 3-4
/*	D-03044 Cottbus, Germany
/*
/*	Updated by:
/*	Wietse Venema
/*	IBM T.J. Watson Research
/*	P.O. Box 704
/*	Yorktown Heights, NY 10598, USA
/*
/*	Viktor Dukhovni.
/*--*/

/* System library. */

#include <sys_defs.h>
#include <msg.h>

#ifdef USE_TLS

/* TLS library. */

#define TLS_INTERNAL
#include <tls.h>
#include <openssl/rsa.h>

 /*
  * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
  */
#if OPENSSL_VERSION_NUMBER < 0x10100000L

/* tls_tmp_rsa_cb - call-back to generate ephemeral RSA key */

RSA    *tls_tmp_rsa_cb(SSL *unused_ssl, int export, int keylength)
{
    static RSA *rsa_tmp;

    /*
     * We generate ephemeral RSA keys only for export ciphersuites.  In all
     * other contexts use of ephemeral RSA keys violates the SSL/TLS
     * protocol, and only takes place when applications ask for trouble and
     * set the SSL_OP_EPHEMERAL_RSA option.  Postfix should never do that.
     */
    if (!export || keylength != 512) {
	msg_warn("%sexport %d-bit ephemeral RSA key requested",
		 export ? "" : "non-", keylength);
	return 0;
    }
    if (rsa_tmp == 0) {
	BIGNUM *e = BN_new();

	if (e != 0 && BN_set_word(e, RSA_F4) && (rsa_tmp = RSA_new()) != 0)
	    if (!RSA_generate_key_ex(rsa_tmp, keylength, e, 0)) {
		RSA_free(rsa_tmp);
		rsa_tmp = 0;
	    }
	if (e)
	    BN_free(e);
    }
    return (rsa_tmp);
}

#endif					/* OPENSSL_VERSION_NUMBER */

#ifdef TEST

#include <msg_vstream.h>

int     main(int unused_argc, char *const argv[])
{
    int     ok = 0;

    /*
     * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
     */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
    RSA    *rsa;

    msg_vstream_init(argv[0], VSTREAM_ERR);

    /* Export at 512-bits should work */
    rsa = tls_tmp_rsa_cb(0, 1, 512);
    ok = rsa != 0 && RSA_size(rsa) == 512 / 8;
    ok = ok && PEM_write_RSAPrivateKey(stdout, rsa, 0, 0, 0, 0, 0);
    tls_print_errors();

    /* Non-export or unexpected bit length should fail */
    ok = ok && tls_tmp_rsa_cb(0, 0, 512) == 0;
    ok = ok && tls_tmp_rsa_cb(0, 1, 1024) == 0;
#endif

    return ok ? 0 : 1;
}

#endif

#endif